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CO Abstract. Additive Cost Register Automata (ACRA) map strings to 

integers using a finite set of registers that are updated using assignments 

of the form "x := y + c" at every step. The corresponding class of additive 

regular functions has multiple equivalent characterizations, appealing 

closure properties, and a decidable equivalence problem. In this paper, we 

^■p solve two decision problems for this model. First, we define the register 

"^i complexity of an additive regular function to be the minimum number 

«^~. of registers that an ACRA needs to compute it. We characterize the 

fvi register complexity by a necessary and sufficient condition regarding 

the largest subset of registers whose values can be made far apart from 

one another. We then use this condition to design a pspace algorithm 

I— J to compute the register complexity of a given ACRA, and establish a 

|J-H matching lower bound. Our results also lead to a machine-independent 

ryj characterization of the register complexity of additive regular functions. 

O Second, we consider two-player games over ACRAs, where the objective 

of one of the players is to reach a target set while minimizing the cost. We 

I show the corresponding decision problem to be EXPTlME-complete when 

^. costs are non-negative integers, but undecidable when costs are integers. 

o\ 

CN 

O 

1 Introduction 

o 

Consider the following scenario: a customer frequents a coffee shop, and each 

time purchases a cup of coffee costing $2. At any time, he may fill a survey, for 

which the store offers to give him a discount of $1 for each of his purchases that 

k> month (including for purchases already made). We model this by the machine 

5_^ Mi shown in figure f.f. There are two states q$ and q-,s, indicating whether the 

customer has filled out the survey during the current month. There are three 
events to which the machine responds: C indicates the purchase of a cup of coffee, 
S indicates completion of the survey, and # indicates the end of a month. The 
registers x, y track how much money the customer owes the establishment: in 
state q^St the amount in x assumes that he will not fill out a survey that month, 
and the amount in y assumes that he will fill out a survey before the end of 
the month. At any time the customer wishes to settle his account, the machine 
outputs the amount of money owed, which is always the value in register x. 

The automaton Mi has a finite state space, and a finite set of integer-valued 
registers. On each transition, each register (say u) is updated by an expression 
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Fig. 1.1: ACRA M\ models a customer in a coffee shop. It implements a function 
/i : {C, S, 4f\ — > Z mapping the purchase history of the customer to the amount 
he owes the store. 



of the form "u := v + c", for some register v and constant c <G Z. Which of 
these registers will eventually contribute to the output is determined by future 
events, and so the cost of an event depends not only on the past, but also on 
the future. Indeed, it can be shown that these machines are closed under regular 
lookahead, i.e. the register updates can be conditioned on regular properties of 
an as-yet-unseen suffix, for no gain in expressivity. The important limitation is 
that register updates are test-free, and cannot examine the register contents. 

The motivation behind the model is generalizing the idea of regular languages 
to quantitative properties of strings. A language L C S* is regular when there 
is an accepting DFA. Regular languages are a robust class, permitting multiple 
equivalent representations as regular expressions and as formulas in monadic 
second-order logic. Recently in [3], we proposed the model of regular functions: 
they are the MSO-definable transductions from strings to expression trees over 
some pre-defined grammar. The class of functions thus defined depends on 
the grammar allowed; the simplest is when the underlying domain is the set 
of integers Z, and expressions involve constants and binary addition, and we 
call these additive regular functions. Additive regular functions have appealing 
closure properties, such as under linear combination, input reversal, and regular 
lookahead, and several analysis problems are efficiently decidable - such as 
containment, shortest paths and equivalence checking. ACRAs correspond to this 
class of additive regular functions. 

Observe that machine Mi has two registers, and it is not immediately clear 
how (if it is even possible) to reduce this number. This is the first question that 
this paper settles: Given an Additive Cost Register Automaton (ACRA) M, how 
do we determine the minimum number of registers needed by any ACRA to 
compute [.M]? We describe a phenomenon called register separation, and show 
that any equivalent ACRA needs at least k registers iff the registers of M are 
fc-separable. It turns out that the registers of Mi are 2-separable, and hence two 
registers are necessary. We then go on to show that determining fc-separability is 



PSPACE-complete. Determining the register complexity is the natural analogue 
of the state minimization problem for DFAs [7]. 

The techniques used to analyse register complexity allow us to state a result 
similar to the pumping lemma for regular languages: The register complexity of 
/ is at least k iff for some m, we have strings Co, . . . , <7 m , n, . . . , r m , suffixes w\, 
. . . , Wk-, and k distinct coefficient vectors Ci, . . . , c& € Z m so that for all vectors 
x G N™ 1 , / (corf 1 <7i r;f 2 . . . a m Wi) = J2j c ij x j + <^- Thus, depending on the suffix 
u>i, at least one of the cycles n, . . . , Tk contributes differently to the final cost. 

Next, we consider ACRAs with turn-based alternation. These are games where 
several objective functions are simultaneously computed, but only one of these 
objectives will eventually contribute to the output, based on the actions of both 
the system and its environment. Alternating ACRAs are thus related to multi- 
objective games and Pareto optimization [15], but are a distinct model because 
each run evaluates to a single value. We study the reachability problem in ACRA 
games: Given a budget k, is there a strategy for the system to reach an accepting 
state with cost at most fc? We show that this problem is EXPTlME-complete 
when the registers assume values from N, and undecidable when the registers are 
integer-valued. 



Related work The traditional model of string-to-number transducers has been 
(non-deterministic) weighted automata (WA). Additive regular functions are 
equivalent to unambiguous weighted automata over the tropical semiring, and 
are therefore strictly sandwiched between weighted automata and deterministic 
WAs in expressiveness. Deterministic WAs are ACRAs with one register, and 
algorithms exist to compute the state complexity and for minimization [13]. Mohri 
[f 4] presents a nice survey of the field. While the determinizability of weighted 
automata remains an open problem [ , ■■], it has been solved in polynomial time 
for the specific case of unambiguous weighted automata. There is a polynomial 
translation from unambiguous WAs to ACRAs, and the algorithm of subsection 
4.1 runs in polynomial time when the number of registers k — 2. Thus, to the 
extent to which they are relevant, we match the bounds available in the literature. 
Recent work on the quantitative analysis of programs [(>] also uses weighted 
automata, but does not deal with minimization or with notions of regularity. 
Data languages [8] are concerned with strings over a (possibly infinite) data 
domain D. Recent models [5] have obtained Myhill-Nerode characterizations, and 
hence minimization algorithms, but the models are intended as acceptors, and 
not for computing more general functions. Turn-based weighted games [ ] are 
ACRA games with a single register, and in this special setting, it is possible to 
solve non-negative optimal reachability in polynomial time. Of the techniques 
used in the paper, difference bound invariants are a standard tool. However when 
we need them, in section 3, we have to deal with disjunctions of such constraints, 
and show termination of invariant strengthening - to the best of our knowledge, 
the relevant problems have not been solved before. 



Outline of the paper We define the automaton model in section 2. In sec- 
tion 3, we introduce the notion of separability, and establish its connection to 
register complexity. In section 4, we show that determining the register com- 
plexity is PSPACE-complete. Finally, in section 5, we study ACRA reachability 
games - in particular, that ACRA (Z) games are undecidable, and that ACRA (N) 
reachability games are EXPTiME-complete. 

2 Additive Regular Functions 

We will use additive cost register automata as the working definition of additive 
regular functions, i.e. a function 1 / : S* — > Zj_ is regular iff it is implemented 
by an ACRA. An ACRA is a deterministic finite state machine, supplemented 
by a finite number of integer- valued registers. Each transition specifies, for each 
register u, a test-free update of the form u u := v + c", for some register v, and 
constant ceZ. Accepting states are labelled with output expressions of the form 
"u + c". 

Definition 1. An ACRA is a tuple M — (Q, S, V, S, n,qo, F, v), where. Q is a 
finite non-empty set of states, £ is a finite input alphabet, V is a finite set of 
registers, S : Q x S — ► Q is the state transition function, [i : Q x ZJ xV — > FxZ 
is the register update function, qo G Q is the start state, F C Q is the non-empty 
set of accepting states, and v : F — > V x Z is the output function. 

The configuration of the machine is a pair 7 = (g, val), where q is the current 
state, and val : V — > Z maps each register to its value. Define (q, val) — > a (q' ', val') 
iff & { a i a ) = l' an d f or each u, if \i (q, a, u) — (v, c), then val' (u) — val (v) + c. 

Machine M then implements a function [Af] : S* — > Zj^ defined as follows. 
For each a G S* , let (q , valg) — > a (qf, valf), where valg (v) — for all v. If 
qf G F and v (qf) = (u, c), then [M] (a) = valf (v) + c. Otherwise [Af] (er) = _L. 

We will write val (w, a) for the value of a register u after the machine has processed 
the string a starting from the initial configuration. 

Remark 1. Any given ACRA M can easily be trimmed so that every state q is 
reachable from the initial state. All claims made in this paper assume that the 
machines under consideration are trimmed. 

An important precondition when we define fc-separability will be that the registers 
be live. Informally, a register v is live in state q if for some suffix ct G S* , on 
processing a starting q, the initial value of v is what influences the final output. 
For example, Mi could be augmented with a third register z tracking the length 
of the string processed. However, the value of z would be irrelevant to the 
computation of /1, and z would thus not be live. A straightforward way of 
defining live registers is through suffix summaries. Let q be a state, and a G S* 
be a string. Then the suffix summary of a in q is either a register-offset pair 



1 By convention, we represent a partial function / : A — > B as a total function 
/ : A — > B±, where B± = B U {_!_}, and _L ^ B is the "undefined" value. 
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(a) M 2 



(b) M 3 



Fig. 2.1: ACRAs M2 and M3 operate over the input alphabet S = {a, b}. Both 
implement the function defined as f 2 (e) = 0, and for all a, f 2 (ca) = \aa\ , and 
f 2 (o~b) = \crb\ b . Here \a\ is the number of occurrences of the symbol a in the 
string a. 



V x Z, or _L, and which summarizes the effect of processing a starting from state 
q. If the suffix summary of a in q is (v, c), then it would be informally read as: 
"The result of processing suffix a if the machine is currently in q is the current 
value of v plus c." Formally. 

Definition 2. Lei q and q' be states so that 5(q,o~) = g'. 

1. If q' $l F, then the suffix summary of a in q is _L, and 

2. (otherwise if q' G F) if v (of) = (u, c), and \x (q, a, u) = (v, c'), then the suffix 
summary of a in q is (v, c + c'). 

A register v is live in a state q if for some a G S* , c € Z, the suffix summary of 
a in q is (v, c). 

Remark 2. Whether a register v is live in a state q is a static property of the 
state. At each state q, pick a register v q which is live in q. If no such register 
exists, then arbitrarily choose v q G V. On all transitions into q, reset all non-live 
registers v to the value of v q . This rewrite does not affect [M], and can be 
performed in linear time. All claims made in this paper assume that this rewrite 
has been performed. 

We recall the following properties of ACRAs [3] : 



Equivalent characterizations Additive regular functions are equivalent to 
unambiguous weighted automata [14] over the tropical semiring. These are non- 
deterministic machines with a single counter. Each transition increments the 
counter by an integer c, and accepting states have output increments, also integers. 
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Fig. 2.2: ACRAs M4 and M5 operate over E = {a, b}, and implement fa so that 
if a ends in an a, then fa {a) = number of as immediately following a 6, and 
otherwise fa (a) — number of 6-s immediately following an a. When we omit the 
update for a register, say v, it is understood to mean, "v := v". 



The unambiguous restriction requires that there be a single accepting path for each 
string in the domain, thus the "min" operation of the tropical semiring is unused. 
Consider the class of MSO-definable string-to-integer transductions, with the 
successor and predecessor operations allowed over integers. This class of functions 
coincides with additive regular functions. Recently, streaming tree transducers [2 j 
have been proposed as the regular model for string-to-tree transducers - ACRAs 
are equivalent in expressiveness to regular string-to-term transducers with binary 
addition as the base grammar. 



Closure properties What makes additive 2 regular functions interesting to 
study is their robustness to various manipulations: 

1. for all c G Z, if fa and fa are regular functions, then so are fa + fa and cfa, 

2. if / is a regular function, then f rev defined as f rev (a) = f (a rev ) is also 
regular, and 

3. if fa and fa are regular functions, and L is a regular language, then the 
function / defined as / (ct) = if a G L, then fa (a) , else fa (a) is also regular. 

4. ACRAs are closed under regular lookahead, i.e. even if the machine were 
allowed to make decisions based on a regular property of the suffix rather than 
simply the next input symbol, there would be no increase in expressiveness. 



Analysis problems Given ACRAs Mi and M2, equivalence-checking and the 
min-cost problem (mino-g^. [Af] (a)) can be solved in polynomial time. It follows 
then that containment (for all a, [Mi] (a) < [M 2 ] (a)) also has a polynomial 
time algorithm. 



We will often drop the adjective "additive", and refer simply to regular functions. 



3 Characterizing the Register Complexity 

The register complexity of a function / is the minimum number of registers an 
ACRA needs to compute it. For example the register complexity of both [Mi] in 
figure 1.1 and [Ma] in figure 2.1a is 2, while the register complexity of [M4] is 1. 
Computing the register complexity is the first problem we solve, and will occupy 
us for this section and the next. 

Definition 3. Let f : S* — > Zj_ be a regular function. The register complexity 
of f is the smallest number k so there is an ACRA M implementing f with only 
k registers. 

Informally, the registers of M are separable in some state q if their values 
can be pushed far apart. For example, consider the registers x, y of Mi in 
state q . For any constant c, there is a string a = C c leading to q so that 
\val (x, a) — val (y, a)\ > c. 

Definition 4. Let M = (Q,U,V,S,fj,,qo,i/) be an ACRA. The registers of M 
are &;-separable if there is some state q, and a collection U C.V so that 

1. \U\ = k, all registers v £ U are live in q, and 

2. for all c£Z, there is a string a , so that 5 (qo,<r) = q and for all distinct 
u,v £ U, \val (u, a) — val (v, a)\ > c. 

The registers of a machine M are not fc-separable if at every state q, and 
collection U of k live registers, there is a constant c so for all strings a to q, 
\val(u,a) — val (v,o~)\ < c, for some distinct u, v G U. Note that the specific 
registers which are close may depend on a. For example, in machine M3 from 
figure 2.1b, if the last symbol was a, then x and y will be close, while if the last 
symbol was a 6, then x and z are guaranteed to be equal. 

Theorem 1. Let f : S* — > Z± be a function defined by an ACRA M. Then the 
register complexity of f is at least k iff the registers of M are k-separable. 

The two directions of the proof are presented separately in the following 
subsections. 

3.1 fc-separability implies a lower bound on the register complexity 

Consider machine Mi from figure 1.1. Here k = 2, and registers x, y are separated 
in state q^s- Let u\ = e, i.e. the empty string, and cr-z = S - these are suffixes 
which, when starting from q^Si "extract" the values currently in x, y. 

Now suppose an equivalent counter-example machine M' is proposed with 
only one register v. At each state q' of M' , observe the "effect" of processing 
suffixes CTi, CT2- Each of these can be summarized by an expression of the form 
V + Cq't for i £ {1,2}, the current value of register v, and c q n £ Z. Thus, the 
outputs differ by no more than \(v + c q >i) — (v + c q > 2 )\ < |cyi| + \c q ' 2 \- Fix n = 
max,/ (|cg'i| + l c ?'2|); and observe that for all a. \\M'\ (crai) — [M'J (crcr 2 )| < n. 
For a = C n+1 , |/i (crai) — f\ (c<72)| > n, so M' cannot be equivalent to M\. In 
general, by a straightforward application of the pigeon-hole principle, we conclude: 



Lemma 1. Let M be an ACRA whose registers are k-separable. Then the register 
complexity of the implemented function f is at least k. 

Proof. Assume otherwise, so we have a machine M' with only k — 1 registers and 
equivalent to M . Let q be that state of M where separation is achieved. For each 
v £ U, there is a suffix a v £ S* and constant c v so that the suffix summary of 
<j v in q is (v, c v ). 

For each state q' of the proposed counter-example machine M' , and each 
register v £ U of M, record the suffix summary of a v in q' - (y', v , c' i v ), or JL 
Define c p as: 



max I max \c v , max \c„,„\ 

vEU q',v£U ' q 

Consider the state of the machine M' after processing some prefix a pre . For each 
suffix cr„, there must be a register v' so that |[M'] {o- pre a v ) — vol (v' , cr pre )\ < c p . 
Since there are only k — 1 registers in M' and k suffixes <7j, it must either be 
the case that for some pair u,v £ U, this condition holds offset from the same 
register v' . 

We assumed the condition: for each c £ N, there is a path a to q so that 
\val (u, a) — val (v, o~)\ > c (for all distinct u, v £ V). Instantiate this condition 
with c = 1 + 4c p , and let o~ pre = a be the witness prefix. Let <j„, a v be the 
pair of suffixes for which the suffix summaries in q' depend on the same v'. 
Since \val (u, a pre ) — val (v, cr pre )\ > c, it follows that \f (a pre a u ) — f (a pre a v )\ > 
c — 2c p > 1 + 2c p . However, from our closeness condition, it follows that 
|[M'J (o- pre a u ) — \M'\ (o- pre a v )\ < 2c p , leading to a contradiction. 

3.2 Non-separability permits register elimination 

Intuition Say we are given an ACRA M, and told that its registers are not 
fc-separable. This can be rewritten in the form of an invariant at each state: 
for each state q, there is a constant c q so for every collection U C V with 
\U\ = k, and for every string a with 5(qo,o~) = q, there must exist distinct 
u,v £ U with \val (u, a) — val (v,a)\ < c. For example, with 3 registers x, y, z, 
this invariant would be 3c, \x — y\ < c V \y — z\ < c V \z — x\ < c. Now, if we 
know that \x — y\ < c, then it suffices to explicitly maintain the value of only one 
register, and the (bounded) difference can be stored in the state. 

Consider machines M4, M5 in figure 2.2. While M4 is the intuitive first 
solution to the problem of implementing f^, the difference between registers 
x, y is always bounded. In both states, the non-separability invariant states 
\x — y\ < 1, or— 1 < x — y < 1. We exploit this to construct M5, which uses just 
one register u. 

Since we need to track these register differences during execution, the in- 
variants must be inductive: if D q and D q i are the invariants at states q, q' , 
and q — >- a q' is a transition in the machine, then it must be the case that 
D q => WP (D q i ,q,a). Here WP refers to the standard notion of the weakest 



precondition from program analysis: the invariant D q i identifies a set of variable 
valuations. WP (D q i ,q, a) is exactly that set of variable valuations val so that 
(q,val) — > a (q',val') for some _D g /-satisfying valuation val'. 

The standard technique to make a collection of invariants inductive is strength- 
ening: if D q =/^ wp (D q t, q, a), then D q is replaced with D q AWP (D q r,q, a), and 
this process is repeated at every pair of states until fixpoint. This procedure is 
seeded with the invariants asserting non-separability However, before the result 
of this back-propagation can be used in our arguments, we must prove that the 
method terminates - this is the main technical problem solved in this section. 

We now sketch a proof of this termination claim for a simpler class of invariants. 
Consider the class of difference-bound constraints - assertions of the form C = 
/\ u ,vev a uv < u - v < b uv , where for each u, v, a uvi b uv G Z or a uvi b uv G 
{— oo, oo}. Observe that C induces an equivalence relation =c over the registers: 
u =c v iff a uv ,b uv G Z. Let C and C be some pair of constraints so that 
C =^ C", so that the assertion C AC' is strictly stronger than C. Either C AC' 
relates a strictly larger set of variables - =cC=caC" ~~ or (if =c==c/\c) f° r 
some pair of registers u, v, the bounds a' uv < u — v < b' uv imposed by C A C 
are a strict subset of the bounds a uv < u — v < b uv imposed by C. Observe that 
the first type of strengthening can happen at most \V\ times, while the second 
type of strengthening can happen only after a uv , b uv are established for a pair of 
registers u, v, and can then happen at most b uv — a uv times. Thus the process 
of repeated invariant strengthening must terminate. However, the statements 
asserting non-separability are disjunctions of difference-bound constraints. We 
show that the above insight is sufficient even for this generalization. 

The rest of this subsection is devoted to formalizing the intuition presented 
above. 



Difference bound constraints and well-formed invariants 

Definition 5. A difference bound constraint is a conjunction of constraints of 
the form a < u — v < b, for a,b G Z U {— oo, 00} (and either a, b are both finite, 
or both infinite), and u, v G V . Well- formed invariants are finite disjunctions of 
difference bound constraints. 

Note that if there is a non-trivial term corresponding to u — v in a difference 
bound constraint, then the difference is bounded both from above and below, 
i.e. a < u — v < b, and a,b G Z. For example, < u — w<oois not a difference 
bound constraint. The trivial constraint —00 < u — v < 00 holds of every pair of 
registers. Given a difference bound constraint C, it can be set in closed form where 
whenever C contains the term a < u — v < b it also contains —6 < v — u < —a, 
and if C contains the terms a < u — v < b and a' < v — w < b' , then it also 
contains the term a" < u — w < b" , for some a + a' < a" < b" < b + b' . A 
difference bound constraint establishes an equivalence relation over the registers 
of V, where u = v iff there is a constant c so that C =^> \u — v\ < c. This is 
the same as saying that u = v iff C in closed form contains a non-trivial term 
corresponding to u — v. The following proposition describes exactly the cases 



when a difference-bound constraint C is strictly stronger than another constraint 
C: 

Claim. Let C = c\ A c-i A . . . A c^ and C" = c[ Ac' 2 A . . . A c' k , be difference bound 
constraints. If C is strictly stronger than C", i.e. C =>■ C" but C" =^>- C, then 
either 

1. ='£.=, where =, =' are the equivalence relations over V generated by C , C, 
or 

2. (otherwise if ='==) for some registers u,v £ V, the best bounds a < 
u — v < b and a' < u — v < b' implied by C and C are related as 
{a,a + l,o + 2, . . . ,6} C {a', a' + 1, a' + 2, . . . , b'}. 

Well-formed invariants are well-ordered 

Lemma 2. Let T be a labeled tree, where each node u is labeled with a difference 
bound constraint C u , and is of finite degree. Say also that the constraint at each 
node is strictly stronger than the constraint at its parent. Then T cannot be 
infinite. 

Proof. Assume otherwise. By Konig's lemma, there must be an infinite path 
through this tree, and the constraints along this path strictly increase in strength. 
We now argue that such a path cannot exist. 

Observe that the equivalence relation = associated with a difference bound 
constraint C can have no more than |V| elements. Also, once we have a pair of 
registers constrained as a < u — v < b, (with both a, b finite), the constraint can 
be tightened only b — a times. Furthermore, such tightening can only happen after 
u = v, by the equivalence relation = associated with C. Thus, every sequence of 
difference bound constraints strictly increasing in strength must be finite. This 
completes the proof. 

Definition 6. Let ip (val) be an arbitrary formula that identifies sets of states. 
Let q,q' £ Q be two states so that q' — > a q for some symbol a £ S. Then, the 
weakest precondition of ip at q with respect to the transition from q' on a, written 
as ip' = WP (if, q' , a) is ip' (val') <=> Vval, (q' ,val') — > a (q,val) => ip(val). 

It can be shown that WP {ip, q' , a) can be obtained by simultaneously replacing 
every occurrence of each register with its update expression over the transition: 
ip' — (p[v h-t jj, (q',a, v)] v , where the update expression /j,(q',a,v) — (u,c) is 
read as "u + c". For example, consider machine M4 in figure 2.2a: the weakest 
precondition of the assertion —2 < x — y < 2 in state q\ with respect to the 
transition on b from qg is the assertion —2 <x + l — y<2, or —3 < x — y < 1. 
It can be shown that: 

Claim. 1 . Let D q > be a well-formed invariant in some state q' of an ACRA M. 
Let q £ Q and a £ S so S (q, a) — q' . Then WP (D q i, q, a) is also a well- formed 
invariant. 
2. Let D and D' be well-formed invariants. Then so is D A D'. 
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Algorithm 1 SATURATE. Given an ACRA M, and a well-formed invariant D q 
at each state q € Q. The algorithm returns an inductive strengthening of these 
invariants. 

1. At each state q, initialize a tree T q . Nodes of this tree are labeled with difference 
bound constraints. The root of each tree T q is true, and its immediate children are 
the difference bound constraints C in D q . 

2. While there exist states q,q' £ Q and symbols a £ E, so that 5(q,a) = q , but 
D q =^> wp (D q i,q, a). For each difference bound constraint C £ D q so that 
C ^> WP(D q ,,q,a): 

(a) Calculate C A wp (D q i ,q,a), by the distributivity of the logical and operator 
over OR. 

(b) For the node corresponding to C in T q , create children corresponding to each 
disjunct in C A wp (D q i ,q,a). 

(c) Replace C at D q with the disjuncts in C A wp {D q i, q, a). 

3. Return, for each state q, the well- formed constraint D q . 



Lemma 3. For every input (M, D q( zQ), algorithm 1 terminates. 

Proof. Observe that with each iteration of the loop in step 2, the size of T q 
increases, for some q. If the algorithm were to not terminate, then for some q, 
T q would be infinite. We maintain the invariant that each node in T q has finite 
degree, and the difference bound constraint at each node is strictly stronger than 
that at its predecessor. But lemma 2 tells us that no such infinite tree T q can 
exist. 



Putting it all together: Constructing M' 

Lemma 4. Consider an ACRA M whose registers are not k-separable. Then, 
we can effectively construct an equivalent machine M' with only k — 1 registers. 

Proof. The idea is that the difference bounds allow us to track all but k — 1 
registers in the state. So some registers u are represented in the state as a pair 
(v,c), and we simulate the effect of register u by the expression v + c. 

Since the registers of M are not fc-separable, at each state q, and collection 
of k registers U, there is a constant c so for all paths a going to q, there is 
some pair of distinct registers u,v £ U so that \val (u, a) — vol (v, o~)\ < c (or 
equivalently, — c < u — v < c). Since U £ 2 V is drawn from a finite set, and any 
instantiation of c can be replaced by a larger constant c' > c, we can change 
the order of quantifiers: at each state q, there is a constant c, so for all paths 
a going to q and collections of k registers U C V, there exist distinct u,v 6 U 
so that \val (u, a) — val (v, a)\ < c. Simplifying this, we obtain at each state q, a 
well-formed invariant D q . In each disjunct C in D q , there is never a collection of 
more than k—\ mutually unrelated registers. Run SATURATE on these constraints 
to make them inductive. 

Now construct M' as follows. Consider some state q and some difference 
bound constraint C £ D q . Now arbitrarily pick a maximal set V q .c C V of 
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registers so no two elements B,ne Vq,c are constrained by C . Since this set is 
maximal, for every register u £ V\ V Qt c, there is a register v £ V q< c so we have 
C =>■ ciq,c,u < u — v < bq^c.m f° r o>q,c t ui b q ,c,u G Z. Define the state space Q' 
of M' as: ' 



where [a^Cwj bq,C,u] is the set of integers a q ,c,u < z < b q ^c,u- Thus, for ex- 
ample, if we have 3 registers x, y, z, and at state q, we have the invari- 
ant that —2 < x — y < 3, and < z < 1, then g would produce states 
{(g, -2, 0) , (g, -2, 1) , (q, -1, 0) , (g, -1, 1) , (q, 0, 0) , (g, 0, 1) , . . . , (g, 3, 1)}. Also, V q . c 
never has more than k — 1 registers. 

Now define J' : Q' x Z 1 — > Q' . Let (g, C, v) € Q' be a state, where v refers 
to the values of the offsets. Let a be a symbol, and let S(q,a) = q' . Since the 
invariants are inductive, it follows that there is a difference bound constraint C" 
at q' which holds when the machine makes this transition with this precondition. 
Also, there is enough information to determine statically the values of the offsets 
v'. Define 8' ((g, C, v) , a) = (g', C, v'). 

Let k' — max ?j c |K?.c|- Define V' to have k! registers. At each state-constraint 
pair q, C, choose an arbitrary mapping scheme which maps registers v' € V to 
registers v £ V qi c- The invariant is that for all paths to (g, C, v), v' holds the 
value of the corresponding register v. For every register u £ V \ V qt c, the offsets 
in v provide enough information to simulate its value by the expression v + c. 
Because the invariants are inductive, there is enough local information to define 
the register update function //, and the output function v' . 

The start state q' is any triple (qo,C, 0), where C is any constraint at go 
satisfied initially. All registers start at 0, so all register differences start at also. 
Observe that the machine M' is equivalent to M by construction, and has k! < k 
registers. This completes the proof. 

It should be noted that there is considerable freedom when defining the reduced 
machine M' above: the start state (go,C, 0) is not necessarily unique - any 
difference-bound constraint C £ D qo which is initially satisfied will work. Also, 
there may be multiple difference- bound constraints C[, C' 2 , . . . , that are satisfied 
at g' when making a transition on symbol a from (g, C, x). The choice in such 
cases can be made arbitrarily. 

Example 1. Consider machine M3 in figure 2.1b. By construction, we know 
that register x always holds the same value as one of the registers y, z. In 
particular, we have \x — y\ < V \y — z\ < V \z — x\ < as the non-separation 
invariant. The weakest precondition with respect to the transition from q on a is 
\(y + 1) -{y+ 1)| < 0V|(y+l) -z\<Q\/\z- (y + l)| < 0, which is always true. 
Thus, D q => WP(D„g,a), and similarly D q => WP (D q ,q, b). Algorithm 
1 returns immediately. We then construct the 3 state machine shown in figure 
3.1. State q xy encodes the triple (go, a: = y,0), and similarly for q yz and q zx . The 
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machine maintains 2 registers u, v. The state-specific mapping of these to the 
original registers are: in q xyi u, v hold x, z, in q yz , u, v hold x, y, and in q zx , u, 
v hold z, y respectively. Any of the states could be marked as the start state. 



start 




Fig. 3.1: An example application of lemma 4 to M3. 

4 Computing the Register Complexity 

4.1 Computing the register complexity is in PSPACE 

Intuition We reduce the problem of determining the register complexity 
of [M] to one of determining reachability in a directed "register separation" 

graph with O ( \Q\ 2> v > J nodes. The presence of an edge in this graph can 
be determined in polynomial space, and thus we have a PSPACE algorithm to 
determine the register complexity. Otherwise, if polynomial time algorithms are 
used for graph reachability and 1-counter O-reachability, the procedure runs in 
time O I c 3 \Q\ 2 4 ' v 'l J , where c is the largest constant in the machine. 

We first generalize the idea of register separation to that of separation relations: 
an arbitrary relation || C V x V separates a state q if for every c£Z, there is 
a string a so that S (qo, (?) = q, and whenever u \\ v, \val (u, a) — vol (v, a)\ > c. 
Thus, the registers of M are fc-separable iff for some state q and some subset U 
of live registers at q, \U\ = k and {(it, v) | u,v G U, u ^ v} separates q. 

Consider a string r € S* , so for some q, 8 (q, r) = q. Assume also that: 

1. For every register u in the domain or range of || , fi (g, r, u) — (u, c u ), for some 
c u € Z, and 

2. for some pair of registers x, y, fi (q, r, a;) = (x, c) and \x (g, r, y) — (y, c') for 
distinct c, c'. 
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Thus, every pair of registers that is already separated is preserved during the 
cycle, and some new pair of registers is incremented differently. We call such 
strings r "separation cycles" at q. They allow us to make conclusions of the form: 
If j| separates q, then || U{(x,y)} also separates q. 

Now consider a string a G S* , so for some q, q' , S (q, a) = q' . Pick arbitrary 
relations ||, ||', and assume that whenever v! ||' v' , and n(q,o~,u') = (u,c u ), 
[i (q, a, v') — (v, c v ), we have u \\ v. We can then conclude that if || separates q, 
then ||' separates q' We call such strings a "renaming edges" from (q, ||) to (q 1 , ||'). 

We then show that if || separates q and || is non-empty, then there is a 
separation cycle-renaming edge sequence to (q, ||) from some strictly smaller 
separation (q' , ||'). Thus, separation at each node can be demonstrated by a 
sequence of separation cycles with renaming edges in between, and thus we 
reduce the problem to that of determining reachability in an exponentially 
large register separation graph. Finally, we show that each type of edge can be 
determined in PSPACE. 



Ti+l 



start — H <?o 




(q™ j 



|i+i u {(«,«)} 



(«,0) 



(QiAU) 




U{u,v}) 



H+l) 



Fig. 4.1: The register separation graph. String oi "renames" the separation ||j 
into ||j+i) and cycle Tj+i creates a separation between u and v, while preserving 
all previously created separations. The goal is to reach a separation || m which 
has a /c-clique of live registers. 



Register separation graphs 

Definition 7. Consider some ACRA M, and let ||e 2 VxV be a relation over V. 
We say that \\ separates q if for every constant cgN, there exists a string a so 
5 (qo, a) — q and for all u,v e V, if u \\ v, then \val (u,a) — val (v, a)\ > c. Also, 
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we say that a string a c-separates (q, ||), if 5(qo,o~) = q, and for every (u,v) £\\, 
\val (u, a) — val (v, a)\ > c. 

Definition 8. Consider the set2 VxV of relations overV . The register separation 
graph has nodes Q x 2 VxV U {t}, and the following edges (figure J^.l): 

1. (Separation edges). From (q, ||) to (q, || U {(u, v)}) if there is a cycle a at q 
so that \x {q, a, u) = (u, c), \i (q, a, v) = (u, c'), c 7^ d , and for each w in the 
domain or range of\\, fi(q,a,w) = (w,c w ), for appropriate c w £ Z. 

2. (Renaming edges). From (g, ||) to (q',\\') if for some string a that leads q 
to q' , whenever (u, v) e||' ; /j,(q,o~,u) — (u',c) and /J,(q,o~,v) — {v',c') y and 
v! || v'. 

3. (Final edges). From (q, ||) to t, if there is a collection U C V of k registers, 
\U\ = k, so for each distinct pair u,v € U , u\\ v. 

Informally, a separation edge identifies a cycle r which increments a pair of 
registers u, v differently, while all other relevant registers flow into themselves. 
Renaming edges effect a "renaming" of the separation || at q into a separation 
|j' at q' . Final edges to the sink node t exist simply to identify a uniform target 
vertex. They are triggered only from vertices where fc-separation has already 
been achieved. 

The algorithm is to find a path through the register separation graph from 
(go, 0) to t. We first show that a path exists in the register separation graph 
from (go, 0) to (q, ||) iff || separates q. But since the presence of a single edge 
in this graph can be determined in polynomial space, and the "current node" 

can be stored in O ( \V\ log \Q\ J space, the presence of such a path can also be 

determined in polynomial space. Lemmas 5, 6, and 7 are the three steps to show 
the correctness of this approach. 

Connecting fc-separability to register separation graphs 

Lemma 5. // there is a path ir from (go, 0) t° (<Z, II) i n the register separation 
graph, then \\ separates q. 

Proof. Informally, since every register pair (u, v) G || are separated by some 
separation edge in 7r, and no subsequent edge results in the resetting of this 
difference (though they might increase or decrease the difference), the cycle can 
be passed enough times to create a sufficiently large separation. 

Say there are m separation edges in 7r. Then by definition, for every vector 
x £ N m , there is a string a to q so that for all u || v, 

val (u, a) — val (v, a) = c uv + >^ d^ v Xi, 

i 

where df is the difference created between u and v by the i separation edge 
in 7r. Also, by construction, for each u \\ v. there is an i so that d^ v ^ 0. 
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If we construct a vector x so that J^ d^ v Xi are simultaneously non-zero for 
all u, v, we are done, for then by appropriately scaling x, val (u, a) — val (v, a) 
can be made arbitrarily large in magnitude. Choose #1 = 1, and once x\, . . . , x; t 
are defined, define 



E 



j<i 



\ a i+l\ 



(4.1) 



(In the degenerate case when d^ x = for all u, 



x i+ i) This has the property that \d™ : 
and so ^ rf" v a;j is non-zero for all u \\ 



choose an arbitrary value for 
j<i">j "3 ( if d t+i is non-zero), 



> E-- dTx 



This completes the proof. 



Lemma 6. If || separates q, then there is a path through the register separation 
graph from (q ,9) to (q,\\). 

Proof. Consider some pair (u,v) G || - since u and v are separable at q, intuitively 
it has to be the case that there is a cycle r resulting in different increments to 
u and v (or a path from some other state q' where v! and v' were differently 
incremented on r', and then the values of these registers flowed into u and v 
respectively). We now formalize this intuition 

By induction on the number of elements in ||. There is a path from (q , 0) to 
(q, 0), for every reachable state q. Say || has m + 1 elements, and the proposition 
holds at every q for every ||' with at most m elements each. We now show the 
existence of a reachable vertex (qi, ||/), where \\i has m elements, and there is a 
path from (qi,\\i) to (q,\\). 

Consider some state q' , which on reading symbol a transitions to q. We define 
the weakest precondition of || with respect to this transition as the smallest relation 
||' C V x V so that whenever u || v then u' \\' v', where n(q',a,u) — (u',c u ) 
and fj,(q',a,v) — (v',c v ). Observe that whenever || separates q, there must be 
a predecessor state q' transitioning to q on some symbol a so that the weakest 
precondition of || with respect to this transition, ||' separates q' (for otherwise, 
along every path to q, because of the unreachability of the predecessor separation, 
some registers u \\ v have to be close). 

Specifically, let TV C Q x 2 VxV be a set of vertices in the register separation 
graph. Then, for sufficiently large c, there is a constant c' and aniV' C Q x2 VxV 
of weakest precondition separations so that all strings a that c-separate some 
element of N must be at least one symbol long, and o\ . . .a\ a i_i must c'-separate 
some element of N' . If we start with N = {(q, ||)}, and repeat this n = (p + 1) 2 P 
times (where p is the number of vertices in the register separation graph), then 
some subset N' must be repeated at least p + 1 times, let these positions be i\, 
. . . , ip+i, indexed from the end. Let c„ be the separation at N = {(q, ||)} so this 
process can be repeated n times. Choose the shortest string a that c„-separates 
(q, ||). (Indexing a from the end) At least two of u^, . . . , (Tj +1 must pass through 
the same state qi, and separate the same subset of registers ||J. Let the cycle 
between these occurrences be r, so a — a'ra", and r/e. For each pair (u, v) e||J, 
consider the register separations after processing a' and a'r. If no difference 
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changes, then a' a" also c n -separates (g, ||), contradicting the assumption that a 
was the shortest such string. Thus, some pair of registers (u, v) s||J, must have 
been incremented differently through this cycle. Define j|i = |(\{(u,t>)}, so that 
both edges (qi, \\i) — > (qi, ||J) — > (g, ||) are present in the register separation graph. 
|| i separates qi, and possesses only m elements. Hence the proof. 

Putting it all together 

Lemma 7. Let (g, ||) and (g', \\') be nodes in the register separation graph. The 
problem of determining whether an edge exists between (g, ||) and (q' , ||') can be 
answered in polynomial space. 

Proof. An edge between two nodes in the register separation graph is either a 
cycle edge or a renaming edge. We treat the three cases separately: 

1. Whether a renaming edge exists between (g, ||) and (</', ||') can be done in non- 
deterministic polynomial space. We simply guess the witness string a € E* 
from q to q', one symbol at a time, and update the current register q t and 
separation || t . We accept if q t = q' and ||' C || t . This is essentially a graph- 
reachability query which is solvable in O I log \Q\ 2^ v ' ) non-deterministic 
space. 

2. To determine the presence of a cycle edge, we first observe that it is an 
instance of a 1-counter non-zero reachability problem. A 1-counter machine is 
a tuple A — {Qa, 5, <7o)i where 5 C Qa x Qa x Z, and go G Qa- The semantics 
are non-deterministic: we start in state go, with the counter initialized to 0. 
If we are currently in a state q S Qa, then we can transition to any state 
q' so that (g, g', c) € S. During this transition, the counter is incremented 
by c. Given a final state q € Qa, the non-zero reachability problem asks: is 
there a path from go to g so that the counter value is non-zero? In our case, 
the counter encodes the difference between two registers u' and u', whose 
values have been influenced by the initial values of u and v respectively. The 
states (g, /) 6 Qa encode the current state g S Q, and the current register 
renaming / : V — ?> V, i.e. for each register v, f (v) tells us the name of 
the initial register whose value has flowed into v. Observe that Qa is large: 
it has O I |Q| \V\ J states, and thus we never explicitly construct A. We 

recall from [1] that the I-counter O-reachability problem is in NLOGSPACE, 
and can be answered in O (logc \Qa\) non-deterministic space, where c is 
the largest constant appearing in the definition of A. From this, it follows 
that the non-zero reachability problem can also be solved in O (logc \Qa\) 
non-deterministic space. Thus, the presence of a cycle edge can be determined 

in O ( log c | Q | |V| ) = 0(logc|Q| + |V]log|V|) non-deterministic space. 

3. To determine the presence of a final edge from (g, || ) to t, we simply guess the k- 
clique U of separated registers. This can be done in O (\V\) non-deterministic 
space. 

We now have the main result of this section: 
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Theorem 2. Given an ACRA M and a number k, there is a PSPACE procedure 
to determine whether its register complexity is at least k. 

Proof. We know that the registers of M are fc-separable iff there is a path through 
the register separation graph from (qo,$) to t. 

Observe that the register separation graph has O ( \Q\ 2' y l J nodes. Since 
graph reachability can be solved in NLOGSPACE, this problem can be solved 
in O (log \Q\ + \V\ J non-deterministic space. Putting the procedures together 
- separating loop detection requires 0(logc|Q| + | V| log | V|), renaming edge 
detection needs O ( log \Q\ + \V\ J , and final edge detection needs O (\V\) non- 
deterministic space. It follows that the register complexity can be determined 
using O f logc|Q| + |V| J non-deterministic space. 

An alternative in the above procedure is to use fast polynomial time algo- 
rithms as subroutines: Reachability in a graph with n vertices can be deter- 
mined in O (n) time, and 1-counter O-reachability of an n state machine can 

be decided in O I (en) ) time. With this assumption, the procedure runs in 
O (n (n + (en) 3 + 2 |y| |V| 2 )) time with n = \Q\ 2 |y|2 , and c is the largest con- 
stant in M, giving the final time complexity of the algorithm as O ( c 3 \Q\ 2 4 ' v l j . 

4.2 Pumping lemma for ACRAs 

The following theorem is the interpretation of a path through the register sep- 
aration graph. Given a regular function / of register complexity at least k, it 
guarantees the existence of m cycles n, . . . , r m , serially connected by strings <7o, 
. . . , <7 m , so that based on one of k suffixes w\, . . . , Wk, the cost paid on one of 
the cycles must differ. These cycles are actually the separation cycles discussed 
earlier, and intermediate strings er^ correspond to the renaming edges. Consider 
for example, the function fi from figure 2.1, and let <ro = e, T\ = aab, and u\ = e. 
We can increase the difference between the registers x and y to arbitrary amounts 
by pumping cycle n . Now if the suffixes are w\ = a, and u>2 = b, then the choice 
of suffix determines the "cost" paid on each iteration of the cycle. 

Theorem 3. A regular function f : S* — > "L±_ has register complexity at least k 
iff there exist strings ao, ■ ■ ■ , o m , T\, . . . , r m; and suffixes W\, . . . , Wk, and k 
distinct coefficient vectors Ci, . . . , c^. € Z m so that for all vectors x S N m , 

/ (CToTfViTvf 2 . . . o- m Wi) = 2_j C *J X J + d i- 

j 

Proof. We deal with the two cases separately: 

1. If / has register complexity at least k, then there is a path 7r through the 
register separation graph to a vertex (q, ||) with a fc-clique of live registers 



is 



in || . Every such path can be collapsed into one where this is exactly one 
renaming edge (possibly corresponding to e) between any two cycle edges. 

Let <Tj be the (i + 1) a renaming edge, and let r, be the ?* cycle edge. Since 
k mutually divergent registers are live, for each such register v, there exists 
a suffix w v to extract its value. By the definition of the register separation 
graph, the claim follows. 
2. Say there exist strings <jq, . . . , <J m , n, . . . , r m , w\, . . . , Wk so that this holds. 
Since there are only finitely many states in any given machine M implement- 
ing /, there must exist i\, j\ so that 6 (qoj&oTl 1 ) = S (<?OiC T o T i 1 ' r i 1 ) = 9ij 
for some q\ £ Q. Similarly, there must be i%, J2 so that S (gi,<7i7"2 2 ) = 
S iq\,a\T^T 2 \ = q 2 , for appropriate q 2 . Repeat this process to reach state 

q m +i- It now follows that there must exist at least k separable registers in 
q m +i, since a divergent value is extracted by each w,;. Thus, the register 
complexity of / is at least k. 

4.3 Computing the register complexity is PSPACE-hard 

We reduce the DFA intersection non-emptiness checking problem to the problem 
of computing the register complexity. Let A = (Q, E,5,qo,{qf}) be a DFA. 
Consider a single-state ACRA M with input alphabet S. For each state q £ Q, 
M maintains a register v q . On reading a symbol a £ S, M updates v q :— vg/ qa \, 
for each q. Observe that this is simulating the DFA in reverse: if we start with a 
special tagged value in v qf , then after processing a, that tag is in v qo iff a rev is 
accepted by A. Also observe that doing this in parallel for all the DFAs no longer 
requires an exponential product construction, but only as many registers as a 
linear function of the input size. We use this idea to construct in polynomial time 
an ACRA M whose registers are (k + 2)-separable iff there is a string a £ S* 
which is simultaneously accepted by all the DFAs. 

Lemma 8. The following problem is pspace- complete [ j: Given a set of DFAs, 
A = {Ai, . . . , Ak} over a common input alphabet S, is the intersection of their 
languages non-empty? 

In particular, the problem remains hard if we restrict the DFAs to have a single 
accepting state each, for a DFA over any alphabet could be extended with a new 
end-of-string symbol, and made to possess a single accepting state (incurring 
only a constant size increase). 

Claim. The following problem is PSPACE-complete: Given a set of DFAs, A = 
{Ai, . . . , Ak} over a common input alphabet JC, and each with a single accepting 
state, is the intersection of their languages non-empty? 

In figure 4.2, we describe the reduction informally. Unlabelled transitions are 
triggered by special control symbols not in S. For each state q of each DFA 
Ai, the ACRA maintains a register v q . Consider the self-loop in state qi of the 
separation gadget: on reading symbol a £ U, each register v q is assigned the value 
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of v$( qya ). Thus, after reading a string a G E* . v q contains the value initially in 
Dj/^^m), where o~ rev is the reverse string of a. The initial loop at Qq sets up large 
distinct values in all the final states. Thus, any string a that is simultaneously 
accepted by all DFAs corresponds to a way of reaching qf with large values in 
v qoi , the registers corresponding to the initial states. The self-loop at qf sets up 
a large value in a special register u. Therefore, if the DFAs accept a common 
string, then qf is (k + 2)-separable. If no string is accepted by all DFAs, then 
on each path to qf, v qoi = 0, for some i, and hence qf is not (k + 2)-separable. 
Furthermore, along each path to q$ or qi, all registers contain one of at most 
fc+ 1 distinct values, and there is exactly one live register in each q ou u- Therefore 
no state other than qf is (k + 2)-separable. Thus, the registers of the separation 
gadget are (k + Inseparable iff all the DFAs simultaneously accept some string. 



Vl< i < k 



start 




Fig. 4.2: The separation gadget. In the self- loop at qi, 6 refers to the transition 
function of the appropriate DFA. 



Definition 9. Let A = {A\, . . . , Ak} be a set of k DFAs, each with a sin- 
gle accepting state. The separation gadget of A is the following ACRA M — 
{Q,E',V,5,n,qa,v): 

1- Q = {9o,9i,9/,9z}U {q uti | 1 < i < k}, 

2. £' = E U {#} U {a; | 1 < i < k}, and 

3. V = {u, z} U {v q | q G Q t , 1 < i < k}. 

4. S is defined by the following rules: 

(a) 5 (qo, 4f) — Qi- For all other a G E', 5 (qo, a) = qo. 

(b) For each a G E, S (qi,a) — q\. For all other a G E' , 6 (qi, a) = qf. 

(c) For all a G E, S(qf,a) — qf. 8(qf,#) = q z . For each a,, 1 < i < k, 
8(qf,ai) = q ouU . 
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(d) For each i. 1 < i < k, and a £ £' , S(q outi ,a) = q outi . 

5. /i is defined by the following rules: 

(a) For all a £ E' so S (go, a) = go, and f < i < k, fi (qo,a,v qfi ) = (v qfi ,i). 

(b) For all q, a € S, n(q\,a,v q ) — (fj'(^ a ),0). Here 5' is the transition 
function of the DFA containing q' . 

(c) For all a £ S, \x (qf, a, u) = (u, 1). 

(d) For all other g, a, v, /1 (q, a, w) = (v, 0). 

6. ^(<?/) = (u, 0), ^(g z ) = (2,0), and v{q outi ) = (v qoi ,0), for all i. In all other 
states, i/ (5) = _L 

Proposition 1. Let A be a set of k DFAs, and M be the separation gadget of 
A. 

1. Let a £ {£') so 5(qQ,o) ^ {qf,q z ,Qouu}- Then there is a collection FCZ 
with \P\ < k + 1, so for each register v £ V , val (i>, a) £ P. 

2. If the intersection language of the DFAs is empty, then for each a £ (£') , 
if S (qo, a) — qf, there is some i so that val (qoi, cr) = = val (z, a). 

3. If the intersection language of the DFAs is non-empty, then for each ceZ, 
there is a a £ (Z") so that <5 ((?o, cr) = qf, and for each v,v' £ {u, z} U 
{loi I 1 < * < k}, \val (v, a) — val (V, cr) | > c. 

We now conclude the hardness argument: 

Theorem 4. Given an ACRA M and a number k, deciding whether the register 
complexity of [Af] is at least k is PSPACE-hard. 

Proof. Given a set of k DFAs A, the separation gadget M of A can be constructed 
in polynomial time (M has k + 3 states, 2 + ^ \Qi\ registers, and operates over 
an alphabet of k + \S\ + 1 symbols). From proposition 1, it follows that an 
equivalent ACRA with k + 1 registers exists iff the intersection language is empty. 
Thus, the problem is PSPACE-hard. 



5 Games over ACRAs 

We now study games played over ACRAs. We extend the model of ACRAs to 
allow alternation - in each state, a particular input symbol may be associated 
with multiple transitions. The system picks the input symbol to process, while 
the environment picks the specific transition associated with this input symbol. 
Accepting states are associated with output functions, and the system may choose 
to end the game in any accepting state. Given a budget fc, we wish to decide 
whether the system has a winning strategy with worst-case cost no more than k. 
We show that ACRA games are undecidable when the registers are integer- valued, 
and EXPTiME-complete when the domain is D = N. 
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Definition 10. An ACRA (D) reachability game is played over a structure G = 
(Q, E, V, 5, [X, Qq, F , v), where Q, E, and V are finite non-empty sets of states, 
input symbols and registers respectively, SQQxExQis the transition relation, 
/i : 8 x V — > V x 1} is the register update function, qo G Q is the start state, 
F C Q is the set of accepting states, and v : F — > V x D is the output function. 
The game configuration is a tuple 7 = (q,val), where q G Q is the current 
state, and val : V — > D is the current register valuation. A run tr is a (possibly 
infinite) sequence of game configurations (qi,val\) — > ai (q^jVal^) ~^ a2 ' ' ' with 
the property that 

1. the transition q{ — > a% qi+\ G 8 for each i, and 

2. vali+i (u) = vali (v) + c, where \x (qi — > ai Qi+i, u) = (v, c), for each register 
u and transition i. 

A strategy is a function 9 : Q* x Q — > S that maps a finite history q\qi . . . q n 
to the next symbol 6 (<?i?2 • • ■ Qn)- A run ir is consistent with 6 if for each i, 
{Q1I2 ■ ■ ■ Qi) = a i- is winning starting from a state q if for every run ir 
consistent with 9 and starting from q± = q, there is some i so that qi G F '. It is 
winning from a configuration (q,val) with a budget of k G D if for every consistent 
run ir starting from (qi, val\) = (q, val), for some i, qi G F and v (qi, vali) < k. 

For greater readability, we write tuples (q,a,q') G 6 as q -^ a q' . If q G F, and 
val is a register valuation, we write v (q, val) for the result val (v) + c, where 
v (q) = (v, c). When we omit the starting configuration for winning strategies it 
is understood to mean the initial configuration (q , valg) of the ACRA. 

Consider the natural partial order ^ over register valuations: val ^ val' iff for 
all registers v, val (v) < val' (v). Then, any winning strategy for large valuations 
is also a winning strategy for small valuations: 

Claim. For each q, k, val, val', if val ^ val' , then every strategy 9 which is 
fc-winning starting from (q,val') is also fc-winning starting from (q,val). 

5.1 ACRA (N) reachability games can be solved in exptime 

Consider the simpler class of (unweighted) graph reachability games. These are 
played over a structure G* = (Q, S, S, qo, F), where Q is the finite state space, 
and E is the input alphabet. 5 C Q x E x Q is the state transition relation, 
qo G Q is the start state, and FCQis the set of accepting states. If the input 
symbol a G E is played in a state q, then the play may adversarially proceed 
to any state q' so that (q, a, q') G 5. The system can force a win if every run 
compatible with some strategy 9 1 : Q* x Q — >• E eventually reaches a state 
qf G F. Such games can be solved by a recursive back-propagation algorithm - 
corresponding to model checking the formula [iX ■ (F V Vaeu M -^0 _ ^ n time 
O (\Q\ \E\). Observe that these games obey the "small strategy" property: if there 
is a winning strategy 9, then there is a winning strategy 9 sma u which guarantees 
that no state is visited twice. 

From every ACRA (N) reachability game G — (Q, E, V, S, fi, qo, F, v), we can 
project out an unweighted graph reachability game G* = (Q, E, 8, qo,F). Also, 
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G' has a winning strategy iff for some fc G N, G has a fc-winning strategy. 
Consider the cost of 9 sma u (computed for G*) when used with G. Since no 
run ever visits the same state twice, 9 sma u is c o |Q|-winning, where Cq is the 
largest constant appearing in G. We have thus established an upper-bound on 
the optimal reachability strategy, if it exists. 

Now assume that we are given an upper-bound k, and asked to determine 
whether a winning strategy 9 exists within this budget. Because the register 
increments are non-negative, once a register v achieves a value larger than k, it 
cannot contribute to the final output, on any suffix a permitted by the winning 
strategy. We thus convert G into an unweighted graph reachability G k , where 
the value of each register is explicitly tracked in the state, until it is larger than 
k. After this, its value is clamped down to fc+1. 

Definition 11. Let G = (Q,U,V,5,n,qo,F,u) be an ACRA(N) reachability 
game. Then, for k G N, define the corresponding graph reachability game 

f — ( n' -Hvli-x ill y l 



G{ = (Q' = Q x [k + ir\Z,6',(q ,0) ,F 

as follows. Here [fc + 1] = {0, 1, 2, . . . , k + 1}. Consider some state (q, x) G Q' , 
and a G S. Define val x : V — > N as val x (u) — x u . Say also that (q,val) — > a 
(q',val'), for some q' , val' is a valid transition of the game configuration of G 
on playing symbol a. Define x f val as x' val u = val' (u), if val' (u) < k. Other- 
wise Kai.u = k+1. Then ((q,x.) -^ a {q' ,'x' val )) G 5'. Define (q,x) £f ^ 
v (q,val x ) < k. 

We claim that G has a fc-winning strategy 9 iff the player can force a win in 
G k . Consider any state (q,x) <G Q' from which the player can force a win. By 
induction on the assertion that (g, x) is winning, we can show there is a fc-winning 
strategy from every configuration (q,val) in G where x = x va i. Conversely, pick 
a configuration (q, val) of G from which a fc-winning strategy 9 exists. It follows 
that 9 is also a winning strategy in G k . 

Furthermore, the decision procedure for this problem can be translated into 
an optimization procedure: given an upper bound on the budget fc, determine 
the smallest fc' < fc, if exists, so that G has a fc'-winning strategy. From our 
discussion in the main paper, we know that if a winning strategy exists, then 
there is a winning strategy 9 with budget at most cq \Q\. Hence we have: 

Theorem 5. The optimal strategy 9 for an ACRA (N) reachability game G can 
be computed in time O [\Q\ \S\ 2' v ' lo s c ol<2lj ; where cq is the largest constant 
appearing in the description of G. 

Note that the optimal strategy in ACRA (N) games need not be memoryless: we 
might want to return to a state with a different register valuation. However, the 
strategy 9 constructed in the proof of the above theorem is memoryless given the 
pair (q, val) of the current state and register valuation. 
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5.2 Hardness of solving ACRA (D) reachability games 

ACRA (N) games are EXPTlME-hard We reduce the halting problem for 
linearly bounded alternating Turing machines to the problem of determining a 
winning strategy in an ACRA (N) reachability game. 

Definition 12. A linearly bounded alternating Turing machine is a tuple M = 
(Q = Qy U Q A j r, 5, qo, F, n). Q is the state space which is partitioned into "or"- 
states Q\j and and-states Q A . r = {0,1} is a binary tape alphabet, and 6 : 
Q x r x {1, 2} -> Q x r x {L, R} is the transition function, qo £ Q is the initial 
state, and F C Q is the set of accepting states, n £ N is the length of the tape, 
specified in unary. 

The configuration is a tuple 7 = (q,o~,pos), where q £ Q is the current state, 
g £ r n is the tape string, and pos £ {1, 2, . . . ,n} is the position of the tape head. 
The initial configuration is (qo,0 n ,l). In each configuration (q,o~,pos), 6 identi- 
fies two successors, corresponding to 8 (q,a pos ,l) and S (q,a pos ,2) respectively. 
Starting from a configuration (q,o~,pos), the machine M eventually halts if either: 

1. q £ F is an accepting state, or 

2. q £ Qy is an or-state and at least one of its successor configurations eventually 
halts, or 

3. q £ Q A is an and-state and both its successor configurations eventually halt. 

We construct the gadget shown in figure 5.1. There are two types of states: 
configuration states of the form (q, i, to) indicating that the TM is in state q, the 
tape head is in position i, and the last choice was move m £ {1, 2}, and challenge 
states of the form q\ a challenging the system to show that the symbol at position 
i of the tape is a. For each position i of the tape, we maintain two registers Vi, 
m,. We maintain the invariant that u, = a = 1 — m». Observe that to each state 
(q, i, rn) and input symbol a £ T indicating the current symbol under the head, 
there are two successors. If q = q A is an and-state, then regardless of m', on 
processing (a,m'), either transition may be taken. If q = q w is an or-state, then 
on processing (a, to'), we transition to state (q',j,m'). Here q' ', j are respectively 
the next state and next tape head position. On each transition, the tape symbol 
registers Vi, mi are appropriately updated. We now formalize: 

Definition 13. Let M = [Q = Q v U Q/\, r, S, qo, F, n) be a linearly bounded al- 
ternating Turing machine. Construct the following ACRA (N) reachability game 
G M = (Q',E,V,5',v,q ,F',p). 

1. Q' = {q } U (Q x [n] x {1, 2}) U {<£„ | Vi £ [n] , a £ F}. 

2. S = Tx {1,2}. 

3. V = {v limi ^G [n]}U{z}. 

4- Define 8' as follows. For all symbols a £ S, (q' — > a (qo, 1, 1)) £ 5' . 

(a) Let q £ Qy , a £ F ', to, to' £ {1,2}, and i £ [n]. Say that 5(q,a,m) = 
(q' , b, d). If executing this transition with the tape head at i leads to it being 
at position j, then (q,i,m') — >( a ' m ) (q',j,m) £ 6' and (q,i,mf) — >( a ^ m ) 
< Q e<5'. 
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(l,m') 

Fig. 5.1: Halting gadget Gm for a linearly bounded alternating Turing machine 
M. 
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(b) Let q £ Q A , a G r, to, ml ', m" € {1, 2}, and i G [n]. Say that 5 (q, a, m) = 
(q',b,d). Let j be the new head position, then (q,i,m') — s.l a > m ) {tf,j,m) G 
(5' and(q,i,TO')^( a ' m ") «£„€<*'. 

5. Define fi as follows. For all transitions r = (q' — > a q) G S, fi (r, Uj) = (2, 0), 
and /i (t, toj) = (z, 1), /or a// i. Lei r = (q,i,m) — *A a > m ) [q' ,j, m") be some 
transition in 5'. Let b be the tape symbol left behind by 6 (q, a,m"). Then 
define ji (r, Vi) = (z, 6) and /i (r, m,) = (z,l — b). For all other transitions 
t G 5' and registers v £ V, define \i (r, v) = (v, 0). 

6. Define F' = {(q,i,m) \ q e i r }u{9? ,9? 1 | 1 < i < n}. For a//i, to, v (q,i,m) - 
(z,0). v (qfo) — Vi and v (qfi) = mi, for all i. 

Here [n] = {1,2,..., n}, and Q c = {qf a | Vi, a} are the challenge states, z is the 
constant register, always holding the value 0. By induction on the assertion that 
the starting configuration (q,a,i) of the TM eventually halts, we have: 

Claim. Let (g, a, i) be a configuration starting from which M eventually halts. 
Then, for each m, there is a 0- winning strategy 9 in Gm starting from ((a, i, to) , val), 
where val encodes a. 

Let 9 be a 0- winning strategy in Gm, and consider its strategy tree. At some 
internal node, let it issue input symbol (afc,TOfc), and let 

n = q' ^o,m ) ( ft)iljni ) >«) ... _>(«*-i."»*-i) ( 0fc , ifc ,TO fc ) 

be the prefix of the run leading up to this node. It follows by induction on it 
that aj. is the current symbol under the tape head on the appropriate run of M 
(otherwise the adversary can lead the player to the challenge state qf a , but 
we assumed that 9 was a 0- winning strategy). Since 9 is 0- winning, every leaf 
of its decision tree must point to an accepting state. Furthermore, any winning 
strategy has to be associated with a finite decision tree, it follows that every run 
of M is accepting. Thus, 

Claim. If there is a 0-winning strategy 9 in Gm, then M eventually halts. 

Note that Q' has 0(\Q\n) elements, £ has 0(1) elements, and V has O (n) 
registers, where the tape size n was specified in unary. So Gm can be constructed 
in polynomial time given M. We thus conclude our argument: 

Theorem 6. Determining whether there is a winning strategy with budget k in 
an ACRA (N) reachability game is EXPTIME-Ziard. 

Remark 3. Note that Gm never really needs to increment any register, since 
during all transitions, the values are either maintained unchanged, or reset 
from the constant register z. This suggests that the hardness comes from the 
combinatorial structure of the game rather than the specific grammar that allows 
increments. 
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Undecidability of ACRA (Z) reachability games We reduce the halt- 
ing problem for two-counter machines to the problem of solving a ACRA (Z) 
reachability game. A two-counter machine M is a sequence of commands L = 
{li, l^, ■ ■ ■ , ln\i where each command is of the form inc (c), dec (c), if c > 
goto l\ else goto I2, or halt, where c refers to one of the counters {01,02}, 
and l\, I2 G L is the next location. Both counters are integer- valued and initialized 
to 0, and machine execution proceeds sequentially starting from location l\. The 
semantics of these machines are standard, and we will not formally define them. 
As with our earlier EXPTiME-hardness proof, the gadget Gm we construct has 
4 registers V\, mi, v 2 , m 2 . Registers vi — —mi maintain the value of counter c 1; 
while registers V2 = — rri2 maintain the value of counter c 2 . The challenge states 
Qc<o> 1c>o for c G {ci,c 2 } force the system to prove the appropriate assertion 
about the counter value. The rest of the states are simply the locations L of the 
two-counter machine. In location I G L, the system proposes the input symbol 
(a, b) G {ci < 0, c\ > 0} x {c 2 < 0, c 2 > 0}. Each component of the tuple is an 
assertion about the value of the respective counter. Control proceeds to the next 
location I' depending on the location at I and the input symbol just received. 
The counters are incremented / decremented appropriately. We show that Gm 
has a 0-winning strategy 8 iff M eventually halts. 

Definition 14. Let M be a two-counter machine. Then, the halting gadget 
Gm = {Qi £, V, ^7 Mi ^i) v ) * s ^ e following ACRA (Z) reachability game. 

1. Q — L U {g Cl <o,'?c 1 >o,<?c 2 <o,'7c 2 >o}- We refer to the special states Q c = 
{<7ci<o,<7c 1 >o,<3 , c 2 <o,<7c 2 >o} as the challenge states. 

2. £ = {a < 0, ci > 0} x {c 2 < 0, c 2 > 0}. 

3. V = {v 1 ,mi,v 2 ,m 2 ,z}. 

4- Define the transition relation 6 as follows. Let li, lj be arbitrary program 
locations so lj can follow li in execution. Then 

(a) Let U be either an increment or decrement instruction. Then (li — > a U+i) G 
S, for each a G S. 

(b) Let U be the instruction if c\ > goto I else goto V . Then, the transi- 

tions k ^( c !> ^) I, 1, _>.(ci>0,a) qc ^ 0> t . _ ) .(c 1 <0,a) j/ j j. _ ) .(c 1 <0,a) fc<Q 

occur in S. And similarly for the conditional jumps on c 2 . 

5. Define the register update function /i as follows. Let li be instruction inc (ci). 
Then \x (U — > a U+i, Vi) — (vi,l), and /i(li — > a Zj+i,mi) = (mi,— 1). Or 
dec (ci), fi is decremented and mi is incremented. Similarly for inc (c 2 ) anrf 
dec(c 2 ). In all other transitions t, ji(t,v) = (v,0), for each register v, i.e. 
the register is left unchanged. 

6. For all halting locations I = halt G L, define v (I) — (z,0). For all non- 
halting locations I G L, define v (I) — _L. For the challenge states, define 
v (Qc z <o) = Vi + 1, v (q Cz >o) = rn t . 

Theorem 7. Determining whether there is a winning strategy with budget k in 
an ACRA(Z) reachability game is undecidable. 
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Proof. We establish the claim that M halts iff Gm permits a winning strategy 
7 with budget 0. The undecidability of solving ACRA (Z) reachability games 
follows from the undecidability of the halting problem for two-counter machines 

First, assume that M halts. We want to construct a winning strategy 7 with 
budget 0. Consider the finite execution of M . After executing the first k steps, 
the player issues the symbol ($1,82), where s\, s 2 are respectively the signs of 
the values in C\, C2 after the two-counter machine executes for k steps. That this 
is a 0-budget strategy follows from the invariant that after the first k steps, there 
is only one run that does not end in a challenge state, and in that run, Vi holds 
the value of Cj, and mi = — Vj. 

Conversely, assume that a winning strategy 7 exists. Then the decision tree 
encoding the strategy has to be finite. In any such strategy tree, challenge states 
may appear only at the leaves. Observe that any challenge state q c< o or g c >o 
has a sibling state I E L. Furthermore, for all non-halting locations I ^ halt, 
v (I) = _L, and so no non-halting location can be at the leaf of the strategy tree. 
Thus, some leaf of the strategy tree has to be in a location I — halt. Consider the 
finite sequence of input symbols leading to this location. Because it is a winning 
strategy, at each node of the tree, if the next input symbol is (si, s 2 ), then s±, s 2 
are respectively the signs of the values in c± , c 2 after the machine executes for 
the appropriate number of steps. Thus, this trace encodes a halting run of the 
machine. 

6 Conclusion 

In this paper, we studied two decision problems for additive regular functions: 
determining the register complexity, and alternating reachability in ACRAs. The 
register complexity is the largest number k so that every ACRA implementing 
/ has at least k registers. We developed an abstract characterization of register 
complexity as separability and showed that computing it is PSPACE-complete. We 
then studied the reachability problem in alternating ACRAs, and showed that it is 
undecidable for ACRA (Z) and EXPTlME-complete for ACRA (N) games. Future 
work includes proving similar characterizations and providing algorithms for 
register minimization in more general models such as streaming string transducers. 
String concatenation does not form a commutative monoid, and the present paper 
is restricted to unary operators (increment by constant), and so the technique 
does not immediately carry over. Another interesting question is to find a machine- 
independent characterization of regular functions / : S* — > Zj_ . A third direction 
of work would be extending these ideas to trees and studying their connection to 
alternating ACRAs. 
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